Latest news with #EyeSecurity


Axios
6 hours ago
- Axios
Ransomware spree looms after SharePoint breach
Ransomware gangs are on the hunt for organizations that have yet to patch their vulnerable Microsoft SharePoint servers.

Why it matters: Those could include organizations across the government and sectors including education, health care, transportation, technology and finance, security experts told Axios.

State of play: As of Wednesday, more than 400 systems had been actively compromised via the SharePoint zero-day vulnerability, according to researchers at Eye Security.

Several federal government agencies — including at the departments of Energy, Homeland Security, and Health and Human Services — have been hacked, likely by groups linked to the Chinese government.

Malicious hackers have attempted to break into more than 90 state and local government offices, according to Randy Rose, vice president of security operations and intelligence at the Center for Internet Security, which runs the Multi-State Information Sharing and Analysis Center.

Last week, researchers warned that the attackers were also stealing machine keys once they broke in — which would allow them to return even after a vulnerable SharePoint server was patched.

Threat level: The new Warlock ransomware gang is actively targeting vulnerable SharePoint servers, Microsoft warned last week.

Since emerging in June, the Warlock gang has claimed responsibility for attacking 19 victims across the government, finance, manufacturing, technology and consumer goods sectors, according to security firm Halcyon.

The group is believed to be a descendent of the Black Basta gang, which was known for hacking more than 500 organizations globally, per U.S. authorities.

Zoom out: Ransomware is the most pressing long-tail cyber threat for organizations to be concerned about, Rafe Pilling, director of threat intelligence at Sophos' Counter Threat Unit, told Axios.

So far, Sophos hasn't seen any active ransomware attacks tied to the SharePoint vulnerability, but Pilling said it's only a matter of time.

"No doubt, there will be people that don't patch, and we will continue to see this pop up as an entry point down the line," Pilling said.

The big picture: Ransomware gangs routinely adopt newly discovered zero-day vulnerabilities to gain access to corporate networks.

In 2021, ProxyShell — a trio of critical vulnerabilities in Microsoft Exchange Server — was discovered by security researchers and patched by Microsoft. But before many organizations updated their systems, the flaws were exploited first by espionage-focused hackers and then by opportunistic ransomware gangs. Within weeks, several groups had used the vulnerabilities to breach at least a thousand organizations.

The incident demonstrated how quickly ransomware operators can weaponize publicly disclosed vulnerabilities. While the initial wave subsided after widespread patching, there have still been attacks reported years later.

Reality check: Pilling said that the SharePoint attacks will likely be less detrimental than ProxyShell and similar incidents but that companies are still at risk if they haven't patched.

Between the lines: These types of complex, multistage hacks are becoming the norm, Cliff Steinhauer, director of information security and engagement at the National Cybersecurity Alliance, told Axios.

The SharePoint hacks are the result of attackers stringing together two vulnerabilities that, on their own, "weren't that big of a deal," Steinhauer said.

"Attackers know that they're not as prioritized and that we're all already trying to patch so many vulnerabilities that we have to prioritize," he said. "They're gaming the system."

What to watch: Ransomware gangs are likely to try targeting vulnerable, unpatched SharePoint servers for months to come.

Yahoo
3 days ago
- Business
- Yahoo
3 Top Cybersecurity Stocks to Buy Now
Some administrators who logged in last week found their on-premises Microsoft SharePoint servers silently uploading web shells instead of documents. A single, carefully forged packet had slipped past every guardrail and granted attackers full remote control before any human had typed a password. What unfolded is now known as the ToolShell exploit chain. Security researchers at the Dutch firm Eye Security noticed an unusual file on a client's server and sounded the alarm.

Thousands of organizations worldwide use SharePoint. Does this prove that hackers are becoming better and more dangerous? The uncomfortable answer is yes. As the internet becomes the primary place where corporations store their valuable data, cybersecurity is only going to get more important.

Here are three cybersecurity stocks that have seen positive price action since the exploit. They have also topped Barchart's cybersecurity stocks list, sorted by analyst recommendations.

Cybersecurity Stock #1: CyberArk Software (CYBR)

CyberArk Software (CYBR) is not as familiar a name as CrowdStrike (CRWD) or Palo Alto (PANW), but the Israeli company has built its reputation on privileged access management. More than half of Fortune 500 companies and roughly 35% of the Global 2000 rely on CyberArk to lock down the credentials that attackers prize most.

Its solutions portfolio stretches from the classic Privileged Access Manager to newer software-as-a-service offerings such as Privilege Cloud, Endpoint Privilege Manager, and Secure Cloud Access, all unified under an identity security platform that now includes machine identities and, most recently, artificial intelligence agents.

Q1 revenue increased 43% to $318 million. Subscription sales grew 60% year-over-year, and annual recurring revenue crossed the $1 billion mark for the first time at $1.215 billion. 85% of that total now comes from subscriptions rather than older perpetual licenses. Management guided full-year revenue to roughly $1.3 billion, implying 31.5% growth without assuming any additional large deals.

The mean price target here is $449, with targets going up to $500.

Cybersecurity Stock #2: Broadcom (AVGO)

Broadcom (AVGO) is as much a cybersecurity company as it is a chip designer. It acquired the Symantec division in 2019, and its Endpoint Security Complete is now the default choice for enterprises that run virtual machines like VMware.

Broadcom's infrastructure software grew 47% year-over-year to $6.7 billion in Q1. In Q2, it grew 25% year-over-year. Looking ahead, the company guided to $15.8 billion of revenue for Q3, up 21% year-over-year, and reiterated that AI-driven security will be one of the two main growth vectors alongside custom AI accelerators. Free cash flow is already running at more than $6.4 billion per quarter, and management returned $7 billion to shareholders through buybacks and dividends last quarter alone.

Out of 36 analysts, 32 tag it as a 'Strong Buy,' with one 'Moderate Buy' and three 'Hold' ratings. Price targets go up to $400, with the mean price target at $298.55.

Cybersecurity Stock #3: Zscaler (ZS)

Zscaler (ZS) is a cloud-based cybersecurity company. It sends all traffic through a single cloud checkpoint before anything touches the open web or a private server. It is becoming more popular as many see it as a better solution due to its Zero Trust mode, which does not give any device trusted access. Hence, hackers can't take over the network if any device is hacked.

Fiscal Q3 results exceeded even the most optimistic projections. Revenue rose 23% year over year to $678 million. Calculated billings, a forward-looking gauge of contract signings, jumped 25% to $785 million, while deferred revenue climbed 26% to just under $2 billion. Earnings per share came in at 84 cents, 12% ahead of expectations and nearly 20% higher than the year-ago quarter.

The balance sheet is equally sturdy. Zscaler now holds more than $3 billion in cash and short-term investments. There are price targets going to $385, with the mean price target at $310.33.

On the date of publication, Omor Ibne Ehsan did not have (either directly or indirectly) positions in any of the securities mentioned in this article. All information and data in this article is solely for informational purposes.

The Hindu
5 days ago
- Business
- The Hindu
Risk highlighted as Chinese hackers hit Microsoft
Software giant Microsoft is at the centre of a cybersecurity storm after China-linked hackers exploited flaws in SharePoint servers to target hundreds of organisations. While such cyberattacks are not new, the scale of the onslaught and the speed with which the hackers took advantage of freshly discovered vulnerabilities is fuelling concern.

Dutch startup Eye Security warned Saturday of online attacks targeting SharePoint file-sharing servers, with Microsoft quick to confirm the report and release patches to protect systems. The vulnerability allowed hackers to retrieve credentials and then access SharePoint servers kept at users' facilities, according to Microsoft. Cloud-based SharePoint software was safe from the problem, the company said.

Eye Security determined that more than 400 computer systems were compromised by hackers during waves of attacks. Targets included government organisations in Europe, the Middle East and the United States, among them the U.S. nuclear weapons agency, media reports indicated. "On-premises SharePoint deployments - particularly within government, schools, healthcare and large enterprise companies - are at immediate risk," cybersecurity firm Palo Alto Networks warned in a note.

Microsoft has not disclosed the number of victims in the attacks. SharePoint had more than 200 million active users as of 2020, according to the most recent figures available from Microsoft.

Microsoft has attributed the cyberattacks to groups backed by China. The culprits are believed to include Chinese state actors known as Linen Typhoon and Violet Typhoon along with a group called Storm-2603 which "is considered with moderate confidence to be a threat actor based in China." The Typhoon groups have been active for a decade or more, and are known for intellectual property theft as well as espionage, according to Microsoft. Less was known about Storm-2603 and its motives.

"Investigations into other actors also using these exploits are ongoing," Microsoft said, urging users to patch SharePoint servers to avoid becoming hacking victims. Cybersecurity specialist Damien Bancal noted in a recent blog post that he found "ready-to-use exploit code" for the vulnerability at a popular website.

The assault on SharePoint servers is the latest in a series of sophisticated attacks carried out by state-sponsored groups against "the Microsoft ecosystem," according to Bancal. In 2021, attacks by a Chinese hacker group known as Silk Typhoon compromised tens of thousands of email servers using Microsoft Exchange software.

Microsoft's success at making its software commonplace in offices and homes also makes it a prime target for hackers out to steal money or information. Microsoft software can hold sensitive and valuable information. "It's not Microsoft that is being targeted, it's its customers," said Shane Barney, head of information security at US-based Keeper. Targeting Microsoft programmes is a means to an end, and tomorrow it could be software from another company, said Rodrigue Le Bayon, head of the Orange Cyberdefense computer emergency response team.

China is not the only nation backing hacker operations as countries around the world hone cyber capabilities, according to Le Bayon. Nevertheless, China is repeatedly singled out by companies and governments hit by hacks. Western countries have accused hacker groups allegedly supported by China of conducting a global cyber espionage campaign against figures critical of Beijing, democratic institutions, and companies in various sensitive sectors.


Mint
5 days ago
- Business
- Mint
Risk highlighted as Chinese hackers hit Microsoft
Software giant Microsoft is at the center of a cybersecurity storm after China-linked hackers exploited flaws in SharePoint servers to target hundreds of organizations. While such cyberattacks are not new, the scale of the onslaught and the speed with which the hackers took advantage of freshly discovered vulnerabilities is fueling concern.

Dutch startup Eye Security warned Saturday of online attacks targeting SharePoint file-sharing servers, with Microsoft quick to confirm the report and release patches to protect systems. The vulnerability allowed hackers to retrieve credentials and then access SharePoint servers kept at users' facilities, according to Microsoft. Cloud-based SharePoint software was safe from the problem, the company said.

Eye Security determined that more than 400 computer systems were compromised by hackers during waves of attacks. Targets included government organizations in Europe, the Middle East and the United States - among them the US nuclear weapons agency, media reports indicated. "On-premises SharePoint deployments - particularly within government, schools, healthcare and large enterprise companies - are at immediate risk," cybersecurity firm Palo Alto Networks warned in a note.

Microsoft has not disclosed the number of victims in the attacks. SharePoint had more than 200 million active users as of 2020, according to the most recent figures available from Microsoft.

Microsoft has attributed the cyberattacks to groups backed by China. The culprits are believed to include Chinese state actors known as Linen Typhoon and Violet Typhoon along with a group called Storm-2603 which "is considered with moderate confidence to be a threat actor based in China." The Typhoon groups have been active for a decade or more, and are known for intellectual property theft as well as espionage, according to Microsoft. Less was known about Storm-2603 and its motives.

"Investigations into other actors also using these exploits are ongoing," Microsoft said, urging users to patch SharePoint servers to avoid becoming hacking victims. Cybersecurity specialist Damien Bancal noted in a recent blog post that he found "ready-to-use exploit code" for the vulnerability at a popular website.

The assault on SharePoint servers is the latest in a series of sophisticated attacks carried out by state-sponsored groups against "the Microsoft ecosystem," according to Bancal. In 2021, attacks by a Chinese hacker group known as Silk Typhoon compromised tens of thousands of email servers using Microsoft Exchange software.

Microsoft's success at making its software commonplace in offices and homes also makes it a prime target for hackers out to steal money or information. Microsoft software can hold sensitive and valuable information. "It's not Microsoft that is being targeted, it's its customers," said Shane Barney, head of information security at US-based Keeper. Targeting Microsoft programs is a means to an end, and tomorrow it could be software from another company, said Rodrigue Le Bayon, head of the Orange Cyberdefense computer emergency response team.

China is not the only nation backing hacker operations as countries around the world hone cyber capabilities, according to Le Bayon. Nevertheless, China is repeatedly singled out by companies and governments hit by hacks.


Arab News
5 days ago
- Business
- Arab News
Risk highlighted as Chinese hackers hit Microsoft
PARIS: Software giant Microsoft is at the center of a cybersecurity storm after China-linked hackers exploited flaws in SharePoint servers to target hundreds of organizations. While such cyberattacks are not new, the scale of the onslaught and the speed with which the hackers took advantage of freshly discovered vulnerabilities is fueling concern.

Dutch startup Eye Security warned Saturday of online attacks targeting SharePoint file-sharing servers, with Microsoft quick to confirm the report and release patches to protect systems. The vulnerability allowed hackers to retrieve credentials and then access SharePoint servers kept at users' facilities, according to Microsoft. Cloud-based SharePoint software was safe from the problem, the company said.

Eye Security determined that more than 400 computer systems were compromised by hackers during waves of attacks. Targets included government organizations in Europe, the Middle East and the United States — among them the US nuclear weapons agency, media reports indicated. 'On-premises SharePoint deployments — particularly within government, schools, health care and large enterprise companies — are at immediate risk,' cybersecurity firm Palo Alto Networks warned in a note.

Microsoft has not disclosed the number of victims in the attacks. SharePoint had more than 200 million active users as of 2020, according to the most recent figures available from Microsoft.

Microsoft has attributed the cyberattacks to groups backed by China. The culprits are believed to include Chinese state actors known as Linen Typhoon and Violet Typhoon along with a group called Storm-2603 which 'is considered with moderate confidence to be a threat actor based in China.' The Typhoon groups have been active for a decade or more, and are known for intellectual property theft as well as espionage, according to Microsoft. Less was known about Storm-2603 and its motives.

'Investigations into other actors also using these exploits are ongoing,' Microsoft said, urging users to patch SharePoint servers to avoid becoming hacking victims. Cybersecurity specialist Damien Bancal noted in a recent blog post that he found 'ready-to-use exploit code' for the vulnerability at a popular website.

The assault on SharePoint servers is the latest in a series of sophisticated attacks carried out by state-sponsored groups against 'the Microsoft ecosystem,' according to Bancal. In 2021, attacks by a Chinese hacker group known as Silk Typhoon compromised tens of thousands of email servers using Microsoft Exchange software.

Microsoft's success at making its software commonplace in offices and homes also makes it a prime target for hackers out to steal money or information. Microsoft software can hold sensitive and valuable information. 'It's not Microsoft that is being targeted, it's its customers,' said Shane Barney, head of information security at US-based Keeper. Targeting Microsoft programs is a means to an end, and tomorrow it could be software from another company, said Rodrigue Le Bayon, head of the Orange Cyberdefense computer emergency response team.

China is not the only nation backing hacker operations as countries around the world hone cyber capabilities, according to Le Bayon. Nevertheless, China is repeatedly singled out by companies and governments hit by hacks. Western countries have accused hacker groups allegedly supported by China of conducting a global cyber espionage campaign against figures critical of Beijing, democratic institutions, and companies in various sensitive sectors.